A computing system includes many components and features. Components include interfaces such as a universal serial bus (USB), hardware such as non-volatile memory, and integrated devices, such as management controllers used for remote server management. Features include a part or a state of a component, such as whether the component is turned on or off, whether the component is held in reset, or whether the component may access a clock.
Each of these components and features may be seen as a potential vector of attack, from which an unauthorized entity may remotely enter and modify the system. Some of these components may be highly desirable for one user, and specifically disallowed by another user due to security concerns. For instance, one user may require a USB interface, while another user cannot have a USB interface on her system for security reasons.
Software-based solutions include unloading or disabling the software that serves a peripheral interface. For example, network stacks or drivers may be unloaded or disabled. However, such software modifications may be subverted remotely, or by hidden software running on the system on behalf of an unauthorized party. Regardless of the layers of protection applied, such as encryption, passwords, and driver signing, software-based solutions remain susceptible to remote subversion. At best, software modification makes it more difficult and time-consuming to successfully penetrate a system.
The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.